Cyrus IMAP pre-authentication heap overflow vulnerability

Details

VuXML ID

35f6fdf8-a425-11d8-9c6d-0020ed76ef5a

Discovery

2002-12-02

Entry

2004-05-12

Modified

2004-06-27

In December 2002, Timo Sirainen reported:

Cyrus IMAP server has a remotely exploitable pre-login
buffer overflow. [...] Note that you don't have to log in
before exploiting this, and since Cyrus
runs everything under one UID, it's possible to read every
user's mail in the system.